Don’t Neglect the Online Channel: Combating Cross-Channel Fraud at the Root
The newest threat to online banking accounts and online fraud detection involves fraudsters using a multi-step plot that involves various interaction points with financial institutions.
Cyber-criminals commit this cross-channel Internet banking fraud by first unauthorized logging-in to an account via the online channel to pilfer precious information such as account balances, check images, or signature blocks, in order to perform wire, check and other types of offline schemes that never get connected to the original breach online.
Regrettably, the online channel’s role in these schemes is often ignored. This is precisely what makes this kind of fraud so successful – and complicated to catch. Financial institutions only register the final transaction fraud, and can’t account for the original breach, which often occurs in the online channel. Add this to the reality that consumers don’t know it is happening, and the fraudsters have a great opportunity to continuously get away with this misconduct.
Case in point is what came about recently to a leading financial institution that services tens of thousands of customers daily. Despite assertive efforts to defend its online environment, fraudsters executed a startling cross-channel fraud scheme.
Here’s how the fraud scheme took place:
1. The fraudster telephoned the institution’s customer service number and, using social engineering practices, reset the online account password and contact phone number.
2. The fraudster got into the online account, learned more about the customer’s online activities, and downloaded check images including the customer’s signature.
3. The fraudster then called on a separate institution using the stolen information to open a new account in the victim’s name.
4. A wire transfer was organized to empty the victimized account and credit the new account at bank #2. Because the names on the accounts were identical and the fraudster had provided a phone number under his/her control and a valid signature, an offline verification of the transfer by phone, as a back up means of identification, passed and was authorized.
5. The fraudster withdrew his loot gradually, visiting separate branches in a state different than the victim’s.
Legacy Fraud Detection Techniques Blind to Online Activity
When fraudsters exploit schemes involving multiple interactions with different touch-points across an organization, they aren’t caught because the precursor online channel break is often overlooked.
Common industry procedure registers the closing fraud transaction as the breach place, and case forensics employ partial resources to return insight that cannot track the original breach to the online channel. When accessed only for exploration, the online channel records no “transaction” for detection. This is precisely what makes cross-channel fraud so effective – and so hard to catch. Moreover, as what kind of fraud is our preceding example to be categorized. Is such a loss wire fraud, check fraud, or simply “online account fraud”?
A next-generation method to online fraud detection and prevention is needed if we are to continue to retain customer confidence in the online banking security. According to Javelin Research’s 2007 Identity Fraud Survey Report, it requires an average of 60 days for consumers to even spot that fraud has occurred. This leaves fraudsters with a perfect opportunity to carry out successful cross-channel fraud crimes if financial services providers don’t take defensive steps to protect both their customers and their bottom line. New best practices and back-end technologies that center on online behavior can better isolate and prevent cross-channel fraud at the source.
Modeling Individual Account Behavior Ends Fraud at Its Source
An emergent best practice Normal 0 false false false MicrosoftInternetExplorer4 of online fraud prevention is to employ predictive models of individual customer online conduct to detect when the “customer” logging in isn’t who they say they are, even if they pass authentication. Beyond standard machine signature technology, user profiling technologies depend on trended analysis of behavior account by account. They start by understanding what “normal” behavior is for each individual customer – and admit that there is no single pattern of “normal” behavior to write an anti-fraud rule against.
Dynamic, model-based investigation of account activity “does the math” – piecing together what by themselves may seem like fragile indicators of fraud until a clear pattern emerges. Behavior that strays from what is expected becomes suspicious – the more the deviation, the deeper the suspicion. This comprehensive analysis allows for more granular risk scoring and better matching with offline activity patterns. A side-effect of this behavioral analysis Normal 0 false false false MicrosoftInternetExplorer4 through transaction monitoring software, also provides a rich history of online activity that aids investigation and forensics.
Using these techniques, organizations can identify the fraudster via the alarms to online activity outside the customer’s expected behavior. Deploying strong analytics at the source – the online channel – ensures that fraudsters’ attacks are shut down before any damage is done.
